Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/a2d47e-d114-43a1-bdca-59005b2981d3/1/5vNjEjx7nnKHMQTVBwi8KGgr5VQ.roa
File:                     5vNjEjx7nnKHMQTVBwi8KGgr5VQ.roa (raw, json)
Hash identifier:          WrrhbiYgeeFKOz4Fy5s8aovocS9cx3oFZgMqRabjzaI=
Subject key identifier:   E6:F3:63:12:3C:7B:9E:72:87:31:04:D5:07:08:BC:28:68:2B:E5:54
Certificate issuer:       /CN=375fc21163596a51472c0ff184a64991dc83a6c1
Certificate serial:       018CC94CD087B8D192E3665C1415B2D22346
Authority key identifier: 37:5F:C2:11:63:59:6A:51:47:2C:0F:F1:84:A6:49:91:DC:83:A6:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1_CEWNZalFHLA_xhKZJkdyDpsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/a2d47e-d114-43a1-bdca-59005b2981d3/1/5vNjEjx7nnKHMQTVBwi8KGgr5VQ.roa
Signing time:             Tue 02 Jan 2024 08:31:43 +0000
ROA not before:           Tue 02 Jan 2024 08:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58169
IP address blocks:        193.0.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/a2d47e-d114-43a1-bdca-59005b2981d3/1/N1_CEWNZalFHLA_xhKZJkdyDpsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/a2d47e-d114-43a1-bdca-59005b2981d3/1/N1_CEWNZalFHLA_xhKZJkdyDpsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1_CEWNZalFHLA_xhKZJkdyDpsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:d0:87:b8:d1:92:e3:66:5c:14:15:b2:d2:23:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=375fc21163596a51472c0ff184a64991dc83a6c1
        Validity
            Not Before: Jan  2 08:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6f363123c7b9e72873104d50708bc28682be554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:13:07:d7:f7:39:e4:55:04:a2:7e:ad:55:70:
                    4c:7d:5f:db:ea:2d:10:0f:ba:cf:4d:95:7c:3a:19:
                    ab:94:f1:d4:db:13:e0:de:cf:fe:02:43:1d:74:d4:
                    69:63:54:92:25:94:b4:09:96:af:ff:57:c6:d5:57:
                    55:f0:a3:21:0e:07:83:fa:d4:b9:24:d6:41:1b:21:
                    65:1f:74:3a:42:83:f3:a4:5f:8d:99:28:0e:20:46:
                    8c:cc:22:ec:b1:07:72:38:54:8d:e4:c2:0e:9e:e7:
                    00:74:2b:db:c3:ed:db:c7:e7:da:a7:70:60:fd:a6:
                    c2:af:2c:ab:64:bb:e1:82:cf:e7:67:ae:67:02:bb:
                    ca:3f:43:24:e1:48:f6:c0:4c:89:e3:b8:dd:0e:37:
                    43:4a:4c:f8:3f:9a:cf:a1:86:90:6b:58:36:f7:81:
                    60:50:58:48:80:87:fa:7c:c4:46:91:d5:66:59:4b:
                    47:e7:cd:ab:79:b1:99:f6:9b:46:bd:a4:8d:d7:a1:
                    44:d4:45:28:82:34:2e:6a:df:f7:a3:44:83:c8:fc:
                    42:05:ad:69:47:4f:70:63:2d:02:fc:49:67:74:67:
                    6f:01:16:39:52:09:27:ee:7a:40:80:38:ce:93:fd:
                    3a:ec:17:ec:b1:59:d3:87:43:be:54:67:b2:08:0e:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F3:63:12:3C:7B:9E:72:87:31:04:D5:07:08:BC:28:68:2B:E5:54
            X509v3 Authority Key Identifier:
                keyid:37:5F:C2:11:63:59:6A:51:47:2C:0F:F1:84:A6:49:91:DC:83:A6:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1_CEWNZalFHLA_xhKZJkdyDpsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a2d47e-d114-43a1-bdca-59005b2981d3/1/5vNjEjx7nnKHMQTVBwi8KGgr5VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a2d47e-d114-43a1-bdca-59005b2981d3/1/N1_CEWNZalFHLA_xhKZJkdyDpsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:22:c4:a3:88:6c:8e:51:18:49:5b:51:81:8e:f9:47:3b:18:
         af:f8:eb:97:27:60:69:64:26:99:a5:8d:65:dd:73:79:17:3a:
         7b:1e:ec:ce:23:9f:20:78:46:19:f8:d0:ee:b4:fb:86:b3:a0:
         15:70:d9:ab:f2:31:78:70:72:3c:30:51:c0:70:86:af:43:b2:
         d8:46:e8:8a:53:fd:eb:d8:6b:af:51:9a:7b:bf:62:1e:f9:d7:
         23:a7:d1:49:ca:88:cd:36:50:69:34:ba:21:0c:be:71:0d:46:
         d4:72:e7:e6:c0:86:fe:b1:28:2a:c8:c8:ed:00:bc:1a:f8:ae:
         8b:09:af:07:7e:7d:79:02:44:68:97:24:f1:79:1d:16:c8:74:
         b7:39:67:49:dc:de:2a:ca:c4:e6:ca:ba:25:0f:4d:d4:2b:d4:
         6b:58:d6:d1:d2:3b:e3:ad:d2:73:b2:ed:97:42:e6:cd:3b:5e:
         5a:14:4f:0f:1a:a0:7e:25:2c:cd:d4:a9:08:a0:67:88:8d:e0:
         bb:66:dd:e4:0e:9d:f5:0a:6c:2a:55:3f:43:0a:bc:64:2e:7d:
         7a:e8:7b:26:74:b5:fc:61:8e:67:ec:a9:a2:4a:34:b6:d2:d9:
         eb:72:df:08:a5:2f:d2:a2:02:fb:b6:0b:e2:39:a7:33:9c:e6:
         24:2c:84:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTNCHuNGS42ZcFBWy0iNGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NWZjMjExNjM1OTZhNTE0NzJjMGZmMTg0YTY0OTkxZGM4
M2E2YzEwHhcNMjQwMTAyMDgzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmYzNjMxMjNjN2I5ZTcyODczMTA0ZDUwNzA4YmMyODY4MmJlNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBMH1/c55FUEon6tVXBMfV/b6i0Q
D7rPTZV8OhmrlPHU2xPg3s/+AkMddNRpY1SSJZS0CZav/1fG1VdV8KMhDgeD+tS5
JNZBGyFlH3Q6QoPzpF+NmSgOIEaMzCLssQdyOFSN5MIOnucAdCvbw+3bx+fap3Bg
/abCryyrZLvhgs/nZ65nArvKP0Mk4Uj2wEyJ47jdDjdDSkz4P5rPoYaQa1g294Fg
UFhIgIf6fMRGkdVmWUtH582rebGZ9ptGvaSN16FE1EUogjQuat/3o0SDyPxCBa1p
R09wYy0C/ElndGdvARY5Ugkn7npAgDjOk/067BfssVnTh0O+VGeyCA7OrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObzYxI8e55yhzEE1QcIvChoK+VUMB8GA1UdIwQY
MBaAFDdfwhFjWWpRRywP8YSmSZHcg6bBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFfQ0VXTlphbEZITEFfeGhLWkprZHlEcHNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hMmQ0N2UtZDExNC00M2ExLWJkY2Et
NTkwMDViMjk4MWQzLzEvNXZOakVqeDdubktITVFUVkJ3aThLR2dyNVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hMmQ0N2UtZDExNC00M2ExLWJkY2EtNTkwMDViMjk4MWQz
LzEvTjFfQ0VXTlphbEZITEFfeGhLWkprZHlEcHNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQCcMA0G
CSqGSIb3DQEBCwUAA4IBAQBkIsSjiGyOURhJW1GBjvlHOxiv+OuXJ2BpZCaZpY1l
3XN5Fzp7HuzOI58geEYZ+NDutPuGs6AVcNmr8jF4cHI8MFHAcIavQ7LYRuiKU/3r
2GuvUZp7v2Ie+dcjp9FJyojNNlBpNLohDL5xDUbUcufmwIb+sSgqyMjtALwa+K6L
Ca8Hfn15AkRolyTxeR0WyHS3OWdJ3N4qysTmyrolD03UK9RrWNbR0jvjrdJzsu2X
QubNO15aFE8PGqB+JSzN1KkIoGeIjeC7Zt3kDp31CmwqVT9DCrxkLn166HsmdLX8
YY5n7KmiSjS20tnrct8IpS/SogL7tgviOacznOYkLIQ9
-----END CERTIFICATE-----